WO2012032218A1 - Methods and apparatuses for handling an unavailable key - Google Patents
Methods and apparatuses for handling an unavailable key
- Publication number
- WO2012032218A1 (PCT/FI2011/050701)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- received message
- key
- connection
- base key
- handling
- Prior art date
- Legal status
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
Definitions
- Example embodiments of the present invention relate generally to communications technology and, more particularly, relate to methods and apparatuses for handling an unavailable key.
- E-UTRAN which continues to be shared with other preceding telecommunication standards is the fact that users are enabled to access a network employing such standards while remaining mobile.
- users having mobile terminals equipped to communicate in accordance with such standards may travel vast distances while maintaining communication with the network.
- an access point or base station providing network coverage for a particular area (or cell) may pass off communication with a particular mobile terminal to a neighboring base station when the user of the particular mobile terminal exits the coverage area of the base station or can otherwise be more effectively served by the neighboring base station. This process is often referred to as a handover.
- Methods, apparatuses, and computer program products are herein provided for handling an unavailable key.
- Methods, apparatuses, and computer program products in accordance with various embodiments may provide several advantages to computing devices, computing device users, and network operators.
- Some example embodiments provide for handling a missing base key needed for performing a key change attendant to a handover operation. More particularly, some example embodiments provide for determining an instance in which a message is received indicating that a handover is to be performed and one or more keys are to be changed on the basis of a fresh base key, but the fresh base key is missing.
- some example embodiments provide for handling the received message as an exception responsive to the determination. Accordingly, the missing fresh base key may be recovered and errors in security key synchronization used in the network connection and/or a failure of cryptographic security that might have occurred if the handover was performed as instructed in the absence of the fresh base key may be avoided.
- a method which comprises
- determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the method of this example embodiment further comprises determining that the fresh base key is not available.
- the method of this example embodiment additionally comprises handling the received message as an exception in response to the determination that the fresh base key is not available.
- an apparatus comprising at least one processor and at least one memory storing computer program code.
- the at least one memory and stored computer program code are configured, with the at least one processor, to cause the apparatus of this example embodiment to at least determine that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the at least one memory and stored computer program code are configured, with the at least one processor, to further cause the apparatus of this example embodiment to determine that the fresh base key is not available.
- the at least one memory and stored computer program code are configured, with the at least one processor, to additionally cause the apparatus of this example embodiment to handle the received message as an exception in response to the determination that the fresh base key is not available.
- a computer program product, in another example embodiment, includes at least one non-transitory computer-readable storage medium having computer-readable program instructions stored therein.
- the program instructions of this example embodiment comprise program instructions configured to determine that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the program instructions of this example embodiment further comprise program instructions configured to determine that the fresh base key is not available.
- the program instructions of this example embodiment additionally comprise program instructions configured to handle the received message as an exception in response to the determination that the fresh base key is not available.
- an apparatus which comprises means for determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the apparatus of this example embodiment further comprises means for determining that the fresh base key is not available.
- the apparatus of this example embodiment additionally comprises means for handling the received message as an exception in response to the determination that the fresh base key is not available.
- FIG. 1 illustrates a system for handling an unavailable key according to an example embodiment
- FIG. 2 is a schematic block diagram of a mobile terminal according to an example embodiment
- FIG. 3 illustrates a block diagram of a terminal apparatus according to an example embodiment
- FIG. 4 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key
- FIG. 5 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key
- FIG. 6 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key
- FIG. 7 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment
- FIG. 8 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment
- FIG. 9 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment
- FIG. 10 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment.
- the terms "data," "content," "information" and similar terms may be used interchangeably to refer to data capable of being transmitted, received, displayed and/or stored in accordance with various example embodiments. Thus, use of any such terms should not be taken to limit the spirit and scope of the disclosure.
- a computing device is described herein to receive data from another computing device, it will be appreciated that the data may be received directly from the another computing device or may be received indirectly via one or more intermediary computing devices, such as, for example, one or more servers, relays, routers, network access points, base stations, and/or the like.
- the term "computer-readable medium" as used herein refers to any medium configured to participate in providing information to a processor, including instructions for execution.
- Such a medium may take many forms, including, but not limited to a non-transitory computer-readable storage medium (for example, non-volatile media, volatile media), and transmission media.
- Transmission media include, for example, coaxial cables, copper wire, fiber optic cables, and carrier waves that travel through space without wires or cables, such as acoustic waves and electromagnetic waves, including radio, optical and infrared waves.
- Signals include man-made transient variations in amplitude, frequency, phase, polarization or other physical properties transmitted through the transmission media.
- Examples of computer-readable media include a floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a compact disc read only memory (CD-ROM), compact disc-rewritable (CD-RW), digital versatile disc (DVD), Blu-Ray, any other optical medium, punch cards, paper tape, optical mark sheets, any other physical medium with patterns of holes or other optically recognizable indicia, a random access memory (RAM), a programmable read only memory (PROM), an erasable programmable read only memory (EPROM), a FLASH-EPROM, any other memory chip or cartridge, a carrier wave, or any other medium from which a computer can read.
- computer-readable storage medium is used herein to refer to any computer-readable medium except transmission media. However, it will be appreciated that where embodiments are described to use a computer-readable storage medium, other types of computer-readable mediums may be substituted for or used in addition to the computer-readable storage medium in alternative embodiments.
- circuitry refers to (a) hardware-only circuit implementations (for example, implementations in analog circuitry and/or digital circuitry); (b) combinations of circuits and computer program product(s) comprising software and/or firmware instructions stored on one or more computer readable memories that work together to cause an apparatus to perform one or more functions described herein; and (c) circuits, such as, for example, a microprocessor(s) or a portion of a microprocessor(s), that require software or firmware for operation even if the software or firmware is not physically present.
- This definition of 'circuitry' applies to all uses of this term herein, including in any claims.
- the term 'circuitry' also includes an implementation comprising one or more processors and/or portion(s) thereof and accompanying software and/or firmware.
- the term 'circuitry' as used herein also includes, for example, a baseband integrated circuit or applications processor integrated circuit for a mobile phone or a similar integrated circuit in a server, a cellular network device, other network device, and/or other computing device.
- a terminal apparatus such as a user equipment (UE) may be connected to a network access point, such as a base station, node B, evolved node B (eNB), router, or the like.
- the access point may comprise an access point for a cellular network, such as a Long Term Evolution (LTE) cellular network, Long Term Evolution Advanced (LTE-A) network, or the like.
- the terminal apparatus may receive a message from the access point or other network entity indicating that a handover, such as an intra-cell handover is to be performed and that one or more security keys used to facilitate secure communication between the terminal apparatus and the network is to be changed.
- the one or more security keys may need to be changed on the basis of a fresh base key.
- the terminal apparatus may not have the fresh base key.
- the terminal apparatus may not be able to derive new security keys and, thus, if the terminal apparatus proceeds with the handover, errors in security key synchronization used in the network connection and/or a failure of cryptographic security may result.
- various example embodiments disclosed herein may facilitate handling an unavailable key. More particularly, various example embodiments disclosed herein may facilitate handling an unavailable key in a situation where a handover is to be performed and at least one security key is to be changed, but a base key needed to derive a new security key is unavailable.
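The handling described above, sketched as an added example that is not code from the patent: the message fields, the `Terminal` class, the HMAC-SHA-256 stand-in for key derivation and the key bytes are assumptions made for illustration. It contrasts a terminal that derives new keys from whatever base key it holds with one that treats the message as an exception when the fresh base key is missing; the exception path here simply leaves the existing keys untouched, which is also an assumption.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import NamedTuple, Optional


class Outcome(Enum):
    KEYS_CHANGED = "security key changed on the basis of the fresh base key"
    EXCEPTION = "received message handled as an exception"
    NOT_APPLICABLE = "message lacks the handover or key-change indication"


def derive_security_key(base_key: bytes, context: bytes) -> bytes:
    # Stand-in KDF (assumption): HMAC-SHA-256 keyed with the base key.
    return hmac.new(base_key, b"security-key|" + context, hashlib.sha256).digest()


@dataclass
class ReceivedMessage:
    handover: bool                      # indication that a handover is to be performed
    key_change_on_fresh_base_key: bool  # indication that keys change on a fresh base key
    target: bytes = b"constructed-target-id"  # hypothetical derivation input


@dataclass
class Terminal:
    base_key: bytes
    fresh_base_key: Optional[bytes] = None  # None models "fresh base key not available"
    security_key: bytes = field(init=False)

    def __post_init__(self) -> None:
        self.security_key = derive_security_key(self.base_key, b"initial")

    def handle_unguarded(self, msg: ReceivedMessage) -> Outcome:
        # Failure mode: proceeds as instructed even without the fresh base key,
        # so the new security key is derived from the stale base key.
        base = self.fresh_base_key if self.fresh_base_key is not None else self.base_key
        self.security_key = derive_security_key(base, msg.target)
        return Outcome.KEYS_CHANGED

    def handle(self, msg: ReceivedMessage) -> Outcome:
        # Determination 1: both indications are present in the received message.
        if not (msg.handover and msg.key_change_on_fresh_base_key):
            return Outcome.NOT_APPLICABLE
        # Determination 2: the fresh base key is not available -> exception,
        # leaving the current base key and security key unchanged.
        if self.fresh_base_key is None:
            return Outcome.EXCEPTION
        self.base_key, self.fresh_base_key = self.fresh_base_key, None
        self.security_key = derive_security_key(self.base_key, msg.target)
        return Outcome.KEYS_CHANGED


class Result(NamedTuple):
    outcome: Outcome
    matches_network_key: bool  # terminal now holds the key the network derived
    kept_previous_key: bool    # terminal still holds the key it had before


def run_scenario(guarded: bool, terminal_has_fresh_key: bool) -> Result:
    old_base = bytes(range(32))        # constructed sample key material
    fresh_base = bytes(range(32, 64))  # constructed sample key material
    msg = ReceivedMessage(handover=True, key_change_on_fresh_base_key=True)
    ue = Terminal(old_base, fresh_base if terminal_has_fresh_key else None)
    previous_key = ue.security_key
    outcome = ue.handle(msg) if guarded else ue.handle_unguarded(msg)
    # The network side always derives from the fresh base key.
    network_key = derive_security_key(fresh_base, msg.target)
    return Result(
        outcome,
        hmac.compare_digest(ue.security_key, network_key),
        hmac.compare_digest(ue.security_key, previous_key),
    )


if __name__ == "__main__":
    for guarded in (False, True):
        for has_key in (False, True):
            print(guarded, has_key, run_scenario(guarded, has_key))
```

In the unguarded run without the fresh base key, the terminal ends up with a key that matches neither the network's new key nor its own previous key, which is the key synchronization error the text describes.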
- FIG. 1 illustrates a block diagram of a system 100 for handling an unavailable key according to an example embodiment.
- the system 100 as well as the illustrations in other figures are each provided as an example of one embodiment and should not be construed to narrow the scope or spirit of the disclosure in any way.
- the scope of the disclosure encompasses many potential embodiments in addition to those illustrated and described herein.
- FIG. 1 illustrates one example of a configuration of a system for handling an unavailable key, numerous other configurations may also be used to implement embodiments of the present invention.
- FIG. 1 represents a general block diagram of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-
- E-UTRAN and LTE are merely examples of a network technology with which various example embodiments disclosed herein may be implemented.
- various example embodiments may be implemented with other network technologies and, where reference is made herein to a specific network technology, elements thereof, and/or standards thereof, that reference is made for purposes of example and not by way of limitation. Accordingly, the system of FIG. 1 is provided merely by way of example and the terminal apparatus 102 as will be further described herein below is not limited to operation in the system of FIG. 1.
- the system includes an E-UTRAN 76 which may include, among other things, a plurality of evolved node-Bs (eNBs) in communication with an evolved packet core (EPC) 78 which may include one or more mobility management entities (MMEs) 80 and one or more system architecture evolution (SAE) gateways.
- An MME 80 may serve as an access security management entity (ASME).
- One or more of the eNBs (including source evolved node-B 72 and target evolved node-B 74) may be in communication with the terminal apparatus 102. It will be appreciated that the eNB 72 and eNB 74 are provided for purposes of example access points that may be used in the system 100 in connection with various example embodiments.
- eNB in the description and figures is by way of illustration and not by way of example.
- Other types of access points such as node Bs, base stations, routers, and/or the like may be substituted for an eNB in various example embodiments.
- the eNBs may provide E-UTRA user plane and control plane (radio resource control (RRC)) protocol terminations for the terminal apparatus 102.
- the eNBs may provide functionality hosting for such functions as radio resource management, radio bearer control, radio admission control, connection mobility control, dynamic allocation of resources to a terminal apparatus 102 in both uplink and downlink, selection of an MME 80 responsive to terminal apparatus attachment, Internet Protocol (IP) header compression and encryption, scheduling of paging and broadcast information, routing of data, measurement and measurement reporting for configuration mobility, and/or the like.
- the MME 80 may host functions such as distribution of messages to respective evolved node-Bs, security control, idle state mobility control, system architecture evolution (SAE) bearer control, ciphering and integrity protection of non-access stratum (NAS) signaling, and the like.
- the MME 80 may, for example, be alternatively embodied as a serving General Packet Radio Service (GPRS) support node (SGSN).
- the EPC 78 may provide connection to a network, such as the Internet.
- an access point such as the source eNB 72 and/or the target eNB 74 may comprise a processor and/or other hardware configured to carry out various functions of the access point.
- Such functions may be, for example, associated with stored instructions (e.g., instructions stored on a computer readable storage medium of the access point), which when executed by the processor carry out the corresponding functions associated with the instructions.
- An access point such as the source eNB 72 may be configured to determine whether to request a handover with another access point, such as the target eNB 74. This determination may, for example, be based on measurement reports received from the terminal apparatus 102. In this regard, for example, if measurement reports received at the source eNB 72 indicate the presence of a condition for which a handover is desirable (e.g., low signal strength), the source eNB 72 may send a handover request to the target eNB 74.
- An encryption key which may be used to facilitate communication with the terminal apparatus 102, may be included with the handover request.
- an access point such as the target eNB 74, may be configured to utilize encryption keys received from another network device, such as the source eNB 72 or an MME 80, to communicate with a terminal apparatus 102 and/or to use parameters received from another network device to derive or otherwise calculate encryption keys to use in communications with a terminal apparatus 102.
- An access point such as the source eNB 72, may further be configured to exchange messages related to a handover with a terminal apparatus 102.
- an access point may be configured to send, to a terminal apparatus 102, a message triggering a handover of the terminal apparatus 102 to another access point, such as the target eNB 74.
- the message may comprise a handover command, a connection reconfiguration message, a radio resource control connection reconfiguration
- the access point may, for example, be configured to send such a message in response to a handover decision made based at least in part on measurement reports received from the terminal apparatus 102, a radio link failure, and/or the like.
- a terminal apparatus 102 may be configured to connect to a network by establishing a connection with an access point (e.g., with a source eNB 72, target eNB 74, and/or the like).
- the terminal apparatus 102 may be configured to establish a radio resource control (RRC) connection with an access point.
- a terminal apparatus 102 may be embodied as any computing device, such as, for example, a desktop computer, laptop computer, mobile terminal, mobile computer, mobile phone, mobile communication device, game device, digital camera/camcorder, audio/video player, television device, radio receiver, digital video recorder, positioning device, wrist watch, portable digital assistant (PDA), any combination thereof, and/or the like.
- a terminal apparatus 102 may be embodied as a mobile terminal, such as that illustrated in FIG. 2
- FIG. 2 illustrates a block diagram of a mobile terminal 10 representative of one embodiment of a terminal apparatus 102.
- the mobile terminal 10 illustrated and hereinafter described is merely illustrative of one type of terminal apparatus 102 that may implement and/or benefit from various embodiments and, therefore, should not be taken to limit the scope of the disclosure.
- While several embodiments of the electronic device are illustrated and will be hereinafter described for purposes of example, other types of electronic devices, such as mobile telephones, mobile computers, portable digital assistants (PDAs), pagers, laptop computers, desktop computers, gaming devices, televisions, and other types of electronic systems, may employ various embodiments of the invention.
- the mobile terminal 10 may include an antenna 12 (or multiple antennas 12) in communication with a transmitter 14 and a receiver 16.
- the mobile terminal 10 may also include a processor 20 configured to provide signals to and receive signals from the transmitter and receiver, respectively.
- the processor 20 may, for example, be embodied as various means including circuitry, one or more microprocessors with accompanying digital signal processor(s), one or more processor(s) without an accompanying digital signal processor, one or more coprocessors, one or more multi-core processors, one or more controllers, processing circuitry, one or more computers, various other processing elements including integrated circuits such as, for example, an ASIC (application specific integrated circuit) or FPGA (field programmable gate array), or some combination thereof. Accordingly, although illustrated in FIG.
- the processor 20 comprises a plurality of processors.
- These signals sent and received by the processor 20 may include signaling information in accordance with an air interface standard of an applicable cellular system, and/or any number of different wireline or wireless networking techniques, comprising but not limited to Wi-Fi, wireless local access network (WLAN) techniques such as Institute of Electrical and Electronics Engineers (IEEE) 802.11, 802.16, and/or the like.
- these signals may include speech data, user generated data, user requested data, and/or the like.
- the mobile terminal may be capable of operating with one or more air interface standards, communication protocols, modulation types, access types, and/or the like.
- the mobile terminal may be capable of operating in accordance with various first generation (1G), second generation (2G), 2.5G, third-generation (3G) communication protocols, fourth-generation (4G) communication protocols, Internet Protocol Multimedia Subsystem (IMS) communication protocols (for example, session initiation protocol (SIP)), and/or the like.
- the mobile terminal may be capable of operating in accordance with 2G wireless communication protocols IS-136 (Time Division Multiple Access (TDMA)), Global System for Mobile communications (GSM), IS-95 (Code Division Multiple Access (CDMA)), and/or the like.
- the mobile terminal may be capable of operating in accordance with 2.5G wireless communication protocols General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), and/or the like.
- the mobile terminal may be capable of operating in accordance with 3G wireless communication protocols such as Universal Mobile Telecommunications System (UMTS), Code Division Multiple Access 2000 (CDMA2000), Wideband Code Division Multiple Access (WCDMA), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), and/or the like.
- the mobile terminal may be additionally capable of operating in accordance with 3.9G wireless communication protocols such as Long Term Evolution (LTE) or Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and/or the like.
- the mobile terminal may be capable of operating in accordance with fourth-generation (4G) wireless communication protocols and/or the like as well as similar wireless
- NAMPS Narrow-band Advanced Mobile Phone System
- TACS Total Access Communication System
- mobile terminals may also benefit from embodiments of this invention, as should dual or higher mode phones (for example, digital/analog or TDMA/CDMA/analog phones). Additionally, the mobile terminal 10 may be capable of operating according to Wi-Fi or Worldwide Interoperability for Microwave Access (WiMAX).
- the processor 20 may comprise circuitry for implementing audio/video and logic functions of the mobile terminal 10.
- the processor 20 may comprise a digital signal processor device, a microprocessor device, an analog-to-digital converter, a digital-to-analog converter, and/or the like. Control and signal processing functions of the mobile terminal may be allocated between these devices according to their respective capabilities.
- the processor may additionally comprise an internal voice coder (VC) 20a, an internal data modem (DM) 20b, and/or the like.
- the processor may comprise functionality to operate one or more software programs, which may be stored in memory.
- the processor 20 may be capable of operating a connectivity program, such as a web browser.
- the connectivity program may allow the mobile terminal 10 to transmit and receive web content, such as location-based content, according to a protocol, such as Wireless Application Protocol (WAP), hypertext transfer protocol (HTTP), and/or the like.
- the mobile terminal 10 may be capable of using a Transmission Control Protocol/Internet Protocol (TCP/IP) to transmit and receive web content across the internet or other networks.
- the mobile terminal 10 may also comprise a user interface including, for example, an earphone or speaker 24, a ringer 22, a microphone 26, a display 28, a user input interface, and/or the like, which may be operationally coupled to the processor 20.
- the processor 20 may comprise user interface circuitry configured to control at least some functions of one or more elements of the user interface, such as, for example, the speaker 24, the ringer 22, the microphone 26, the display 28, and/or the like.
- the processor 20 and/or user interface circuitry comprising the processor 20 may be configured to control one or more functions of one or more elements of the user interface through computer program instructions (for example, software and/or firmware) stored on a memory accessible to the processor 20 (for example, volatile memory 40, non-volatile memory 42, and/or the like).
- the mobile terminal may comprise a battery for powering various circuits related to the mobile terminal, for example, a circuit to provide mechanical vibration as a detectable output.
- the user input interface may comprise devices allowing the mobile terminal to receive data, such as a keypad 30, a touch display (not shown), a joystick (not shown), and/or other input device.
- the keypad may comprise numeric (0-9) and related keys (#, *), and/or other keys for operating the mobile terminal.
- the mobile terminal 10 may also include one or more means for sharing and/or obtaining data.
- the mobile terminal may comprise a short-range radio frequency (RF) transceiver and/or interrogator 64 so data may be shared with and/or obtained from electronic devices in accordance with RF techniques.
- the mobile terminal may comprise other short-range transceivers, such as, for example, an infrared (IR) transceiver 66, a Bluetooth™ (BT) transceiver 68 operating using IR and/or RF techniques.
- USB universal serial bus
- Bluetooth™ transceiver 68 may be capable of operating according to ultra-low power Bluetooth™ technology (for example, Wibree™) radio standards.
- the mobile terminal 10 and, in particular, the short-range transceiver may be capable of transmitting data to and/or receiving data from electronic devices within a proximity of the mobile terminal, such as within 10 meters, for example.
- the mobile terminal may be capable of transmitting and/or receiving data from electronic devices according to various wireless networking techniques, including Wi-Fi, WLAN techniques such as IEEE 802.11 techniques, IEEE 802.15 techniques, IEEE 802.16 techniques, and/or the like.
- the mobile terminal 10 may comprise memory, such as a subscriber identity module (SIM) 38, a removable user identity module (R-UIM), and/or the like, which may store information elements related to a mobile subscriber. In addition to the SIM, the mobile terminal may comprise other removable and/or fixed memory.
- the mobile terminal 10 may include volatile memory 40 and/or non-volatile memory 42.
- volatile memory 40 may include Random Access Memory (RAM) including dynamic and/or static RAM, on-chip or off-chip cache memory, and/or the like.
- Non-volatile memory 42, which may be embedded and/or removable, may include, for example, read-only memory, flash memory, magnetic storage devices (for example, hard disks, floppy disk drives, magnetic tape, etc.), optical disc drives and/or media, non-volatile random access memory (NVRAM), and/or the like. Like volatile memory 40, non-volatile memory 42 may include a cache area for temporary storage of data.
- the memories may store one or more software programs, instructions, pieces of information, data, and/or the like which may be used by the mobile terminal for performing functions of the mobile terminal.
- the memories may comprise an identifier, such as an international mobile equipment identification (IMEI) code, capable of uniquely identifying the mobile terminal 10.
- FIG. 3 illustrates a block diagram of a terminal apparatus 102 according to an example embodiment.
- the terminal apparatus 102 includes various means for performing the various functions herein described. These means may comprise one or more of a processor 110, memory 112, communication interface 114, user interface 116, or connection management circuitry 118.
- the means of the terminal apparatus 102 as described herein may be embodied as, for example, circuitry, hardware elements (e.g., a suitably programmed processor,
- a computer program product comprising computer-readable program instructions (e.g., software or firmware) stored on a computer-readable medium (for example memory 112) that is executable by a suitably configured processing device (e.g., the processor 110), or some combination thereof.
- one or more of the means illustrated in FIG. 3 may be embodied as a chip or chip set.
- the terminal apparatus 102 may comprise one or more physical packages (for example, chips) including materials, components and/or wires on a structural assembly (for example, a baseboard).
- the structural assembly may provide physical strength, conservation of size, and/or limitation of electrical interaction for component circuitry included thereon.
- the processor 110, memory 112, communication interface 114, user interface 116, and/or connection management circuitry 118 may be embodied as a chip or chip set.
- the terminal apparatus 102 may therefore, in some example embodiments, be configured to implement embodiments of the present invention on a single chip or as a single "system on a chip."
- the terminal apparatus 102 may comprise component(s) configured to implement embodiments of the present invention on a single chip or as a single "system on a chip."
- a chip or chipset may constitute means for performing one or more operations for providing the
- the processor 110 may, for example, be embodied as various means including one or more microprocessors with accompanying digital signal processor(s), one or more processor(s) without an accompanying digital signal processor, one or more coprocessors, one or more multi-core processors, one or more controllers, processing circuitry, one or more computers, various other processing elements including integrated circuits such as, for example, an ASIC (application specific integrated circuit) or FPGA (field
- the processor 110 comprises a plurality of processors.
- the plurality of processors may be in operative communication with each other and may be collectively configured to perform one or more functionalities of the terminal apparatus 102 as described herein.
- the processor 110 may be embodied as or comprise the processor 20.
- the processor 110 is configured to execute instructions stored in the memory 112 or otherwise accessible to the processor 110. These instructions, when executed by the processor 110, may cause the terminal apparatus 102 to perform one or more of the functionalities of the terminal apparatus 102 as described herein.
- the processor 110 may comprise an entity capable of performing operations according to embodiments of the present invention while configured accordingly.
- when the processor 110 is embodied as an ASIC, FPGA or the like, the processor 110 may comprise specifically configured hardware for conducting one or more operations described herein.
- when the processor 110 is embodied as an executor of instructions, such as may be stored in the memory 112, the instructions may specifically configure the processor 110 (e.g., a hardware processor) to perform one or more algorithms and operations described herein.
- the memory 112 may comprise, for example, volatile memory, non-volatile memory, or some combination thereof.
- the memory 112 may comprise a non-transitory computer-readable storage medium.
- the memory 112 may comprise a plurality of memories.
- the plurality of memories may be embodied on a single computing device or may be distributed across a plurality of computing devices collectively configured to function as the terminal apparatus 102.
- the memory 112 may comprise a hard disk, random access memory, cache memory, flash memory, a compact disc read only memory (CD-ROM), digital versatile disc read only memory (DVD-ROM), an optical disc, circuitry configured to store information, or some combination thereof.
- the memory 112 may comprise the volatile memory 40 and/or the non-volatile memory 42.
- the memory 112 may be configured to store information, data, applications, instructions, or the like for enabling the terminal apparatus 102 to carry out various functions in accordance with various example embodiments.
- the memory 112 is configured to buffer input data for processing by the processor 110. Additionally or alternatively, the memory 112 may be configured to store program instructions for execution by the processor 110. The memory 112 may store information in the form of static and/or dynamic information. This stored information may be stored and/or used by the connection management circuitry 118 during the course of performing its
- the communication interface 114 may be embodied as any device or means embodied in circuitry, hardware, a computer program product comprising computer readable program instructions stored on a computer readable medium (for example, the memory 112) and executed by a processing device (for example, the processor 110), or a combination thereof that is configured to receive and/or transmit data from/to another computing device.
- the communication interface 114 is at least partially embodied as or otherwise controlled by the processor 110.
- the communication interface 114 may be in communication with the processor 110, such as via a bus.
- the communication interface 114 may include, for example, an antenna, a transmitter, a receiver, a transceiver and/or supporting hardware or software for enabling communications with one or more remote computing devices.
- the communication interface 114 may be configured to receive and/or transmit data using any protocol that may be used for communications between computing devices.
- the communication interface 114 may be configured to receive and/or transmit data using any protocol that may be used for transmission of data over a wireless network, wireline network, some combination thereof, or the like by which the terminal apparatus 102 and one or more computing devices or computing resources may be in communication.
- the communication interface 114 may be configured to enable radio
- the communication interface 114 may additionally be in communication with the memory 112, user interface 116, and/or connection management circuitry 118, such as via a bus.
- the user interface 116 may be in communication with the processor 110 to receive an indication of a user input and/or to provide an audible, visual, mechanical, or other output to a user.
- the user interface 116 may include, for example, a keyboard, a mouse, a joystick, a display, a touch screen display, a microphone, a speaker, and/or other input/output mechanisms.
- the user interface 116 may additionally be configured to detect and/or receive an indication of a touch gesture or other input to the touch screen display.
- the user interface 116 may be in communication with the memory 112, communication interface 114, and/or connection management circuitry 118, such as via a bus.
- connection management circuitry 118 may be embodied as various means, such as circuitry, hardware, a computer program product comprising computer readable program instructions stored on a computer readable medium (for example, the memory 112) and executed by a processing device (for example, the processor 110), or some combination thereof and, in some embodiments, is embodied as or otherwise controlled by the processor 110.
- the connection management circuitry 118 may be in communication with the processor 110.
- the connection management circuitry 118 may further be in communication with one or more of the memory 112,
- communication interface 114 or user interface 116, such as via a bus.
- the connection management circuitry 118 is configured to receive a message sent by an access point, such as an eNB of the E-UTRAN 76.
- the message may, for example, comprise a connection reconfiguration message, such as an RRCConnectionReconfiguration message.
- the connection management circuitry 118 may be configured to determine the contents of one or more fields of the received message.
- the connection management circuitry 118 may be configured to determine whether the received message includes a field indicating that a handover, such as an intra-cell handover, is to be performed.
- where the received message comprises an RRCConnectionReconfiguration message, the RRCConnectionReconfiguration message may comprise a mobilityControlInfo field, which may indicate that an intra-cell handover is to be performed.
- the connection management circuitry 118 may be configured to determine whether the received message includes a field indicating that one or more security keys is to be changed (e.g., one or more new security keys is to be derived) for use in conjunction with and/or subsequent to the handover.
- where the received message comprises an RRCConnectionReconfiguration message, the RRCConnectionReconfiguration message may comprise a keyChangeIndicator field. If the keyChangeIndicator field has a value set to TRUE, the connection management circuitry 118 may determine that one or more security keys is to be changed.
- the one or more security keys to be changed may be changed through derivation from a base key.
- the base key may, for example, comprise a key established or otherwise shared with an access security management entity
- the base key may, for example, comprise the key K_ASME.
- a fresh base key, which may comprise a base key that has not been used to derive one or more existing security keys, may be needed to derive the one or more security keys to be changed.
- a fresh base key may comprise a fresh K_ASME resulting from a previous successful non access stratum (NAS) security mode control (SMC) procedure.
- the fresh K_ASME may be used to derive a new K_eNB in an instance in which a security key is to be changed in response to a handover.
- connection management circuitry 118 may determine whether the fresh base key is available.
- the fresh base key may not be available in an instance in which the fresh base key was not obtained, was corrupted, or is missing. If no base key is available or if only a base key that has already been used to derive a security key is available, the connection management circuitry 118 may determine that a fresh base key is not available.
- connection management circuitry 118 may be configured to handle a received message comprising an indication that a handover is to be performed and an indication that a security key is to be changed as an exception.
- connection management circuitry 118 may be configured to handle a received message as an exception by initiating a connection re-establishment procedure responsive to a determination that a fresh base key is not available.
- the connection management circuitry 118 may be configured to initiate a connection re-establishment procedure by causing a connection reestablishment request to be sent to a network access point (e.g., the source eNB 72, target eNB 74, or the like).
- the connection reestablishment request may, for example, comprise a radio resource control connection reestablishment request (RRCConnectionReestablishmentRequest) message.
- the connection management circuitry 118 may further revert back to a configuration (e.g., a security context) used in the source cell (e.g., in the source eNB 72).
- FIG. 4 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key. While FIG. 4 illustrates signals exchanged in accordance with a radio access network operating in accordance with E-UTRAN standards, it will be appreciated that this example is provided by way of example and not by way of limitation. Accordingly, similar signals may be exchanged in accordance with other standards.
- the terminal apparatus 102 does not have a fresh K_ASME.
- the terminal apparatus may receive an
- the connection management circuitry 118 may determine at operation 410 that the RRCConnectionReconfiguration message includes a mobilityControlInfo field indicating that an intra-cell handover is to be performed and a securityConfigHO field with a keyChangeIndicator value set to TRUE. Responsive to this determination, the connection management circuitry 118 may determine whether a fresh K_ASME is available. As a fresh K_ASME is unavailable, the connection management circuitry 118 may further handle the received RRCConnectionReconfiguration message as an exception by initiating a connection re-establishment procedure.
- connection management circuitry 118 may cause an RRCConnectionReestablishmentRequest message to be sent to the E-UTRAN 76, at operation 420.
- the connection management circuitry 118 may further start a timer (e.g., the timer T304) at operation 410 in response to receipt of the RRCConnectionReconfiguration message. The value of this timer may be specified by a parameter included in the RRCConnectionReconfiguration message.
- the connection management circuitry 118 may stop this timer (e.g., prior to expiry of the timer) at operation 420.
- the connection management circuitry 118 may be configured to handle a received message as an exception by releasing a connection with a network access point (e.g., the source eNB 72, target eNB 74, or the like).
- Releasing the connection may comprise releasing a radio resource control (RRC) connection.
- releasing the connection may comprise causing the terminal apparatus 102 to leave a resource control connected (RRC Connected) state. Release of the RRC connection may, for example, be requested by upper layers.
- FIG. 5 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key. While FIG. 5 illustrates signals exchanged in accordance with a radio access network operating in accordance with E-UTRAN standards, it will be appreciated that this example is provided by way of example and not by way of limitation.
- the terminal apparatus 102 does not have a fresh
- the terminal apparatus may receive an RRCConnectionReconfiguration message sent by the E-UTRAN 76 (e.g., by an eNB of the E-UTRAN 76).
- the connection management circuitry 118 may determine at operation 510 that the RRCConnectionReconfiguration message includes a mobilityControlInfo field indicating that an intra-cell handover is to be performed and a securityConfigHO field with a keyChangeIndicator value set to TRUE. Responsive to this determination, the connection management circuitry 118 may determine whether a fresh K_ASME is available.
- the connection management circuitry 118 may further handle the received RRCConnectionReconfiguration message as an exception by releasing the RRC connection, at operation 520.
- the connection management circuitry 118 may further start a timer (e.g., the timer T304) at operation 510 in response to receipt of the RRCConnectionReconfiguration message.
- the value of this timer may be specified by a parameter included in the RRCConnectionReconfiguration message.
- the connection management circuitry 118 may stop this timer (e.g., prior to expiry of the timer) at operation 520.
- the connection management circuitry 118 may be configured to handle a received message as an exception by ignoring the received message.
- the connection management circuitry 118 may determine that the received message includes a field set to a value that is not comprehended.
- the received message may comprise a field indicating that a security key is to be changed (e.g., a keyChangeIndicator field having a value set to TRUE).
- the connection management circuitry 118 may ignore a received message having a field with a value that is not comprehended.
- FIG. 6 illustrates a signaling diagram of signals that may be exchanged between network entities according to an example embodiment for handling an unavailable key. While FIG. 6 illustrates signals exchanged in accordance with a radio access network operating in accordance with E-UTRAN standards, it will be appreciated that this example is provided by way of example and not by way of limitation.
- the terminal apparatus 102 does not have a fresh K_ASME.
- the terminal apparatus may receive an
- the connection management circuitry 118 may determine at operation 610 that the RRCConnectionReconfiguration message includes a mobilityControlInfo field indicating that an intra-cell handover is to be performed and a securityConfigHO field with a keyChangeIndicator value set to TRUE. Responsive to this determination, the connection management circuitry 118 may determine whether a fresh K_ASME is available. As a fresh K_ASME is unavailable, the connection management circuitry 118 may further determine that the value of the keyChangeIndicator field is not comprehended. As such, the connection management circuitry 118 may handle the received
- FIG. 7 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment.
- the operations illustrated in and described with respect to FIG. 7 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processor 110, memory 112, communication interface 114, or connection management circuitry 118.
- Operation 700 may comprise determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 700.
- Operation 710 may comprise determining that the fresh base key is not available.
- the processor 110, memory 112, and/or connection management circuitry 118 may, for example, provide means for performing operation 710. Operation 720 may comprise handling the received message as an exception in response to the determination that the fresh base key is not available.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 720.
- FIG. 8 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment.
- the operations illustrated in and described with respect to FIG. 8 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processor 110, memory 112, communication interface 114, or connection management circuitry 118.
- Operation 800 may comprise determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 800.
- Operation 810 may comprise determining that the fresh base key is not available.
- the processor 110, memory 112, and/or connection management circuitry 118 may, for example, provide means for performing operation 810. Operation 820 may comprise handling the received message as an exception by initiating a connection re-establishment procedure in response to the determination that the fresh base key is not available.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 820.
- FIG. 9 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment.
- the operations illustrated in and described with respect to FIG. 9 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processor 110, memory 112, communication interface 114, or connection management circuitry 118.
- Operation 900 may comprise determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 900.
- Operation 910 may comprise determining that the fresh base key is not available.
- the processor 110, memory 112, and/or connection management circuitry 118 may, for example, provide means for performing operation 910. Operation 920 may comprise handling the received message as an exception by releasing a connection with a network access point in response to the determination that the fresh base key is not available.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 920.
- FIG. 10 illustrates a flowchart according to an example method for handling an unavailable key according to an example embodiment.
- the operations illustrated in and described with respect to FIG. 10 may, for example, be performed by, with the assistance of, and/or under the control of one or more of the processor 110, memory 112,
- Operation 1000 may comprise determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 1000.
- Operation 1010 may comprise determining that the fresh base key is not available.
- the processor 110, memory 112, and/or connection management circuitry 118 may, for example, provide means for performing operation 1010.
- Operation 1020 may comprise handling the received message as an exception by ignoring the received message in response to the determination that the fresh base key is not available.
- the processor 110, memory 112, communication interface 114, and/or connection management circuitry 118 may, for example, provide means for performing operation 1020.
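The decision flow of FIGs. 7-10, written out as an added C example (not code from the patent). The type names, the policy enum, the three-flag freshness model and the generation counter standing in for key derivation are assumptions made for illustration; that the ignore path leaves all state untouched is likewise an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the fields the text names; not an ASN.1 decoder. */
typedef struct {
    bool has_mobility_control_info; /* mobilityControlInfo present: handover */
    bool key_change_indicator;      /* securityConfigHO keyChangeIndicator */
    unsigned t304_ms;               /* T304 value carried in the message */
} rrc_reconfig_t;

/* Assumed freshness model: present, intact, not yet used for derivation. */
typedef struct { bool present, intact, used_for_derivation; } base_key_t;

typedef enum { POLICY_REESTABLISH, POLICY_RELEASE, POLICY_IGNORE } exc_policy_t;
typedef enum {
    ACT_APPLY_RECONFIG,               /* normal handover path */
    ACT_SEND_REESTABLISHMENT_REQUEST, /* FIG. 8 */
    ACT_RELEASE_RRC_CONNECTION,       /* FIG. 9 */
    ACT_IGNORE_MESSAGE                /* FIG. 10 */
} action_t;

typedef struct {
    bool rrc_connected;
    bool source_config_active; /* source-cell security context in use */
    unsigned t304_ms;          /* 0 means the timer is stopped */
    unsigned key_generation;   /* stand-in for derived keys; bumps per rekey */
    base_key_t k_asme;
    exc_policy_t policy;
} ue_ctx_t;

bool fresh_base_key_available(const base_key_t *k)
{
    return k->present && k->intact && !k->used_for_derivation;
}

action_t handle_rrc_reconfiguration(ue_ctx_t *ue, const rrc_reconfig_t *msg)
{
    bool handover = msg->has_mobility_control_info;
    bool rekey = handover && msg->key_change_indicator;
    bool exception = rekey && !fresh_base_key_available(&ue->k_asme);

    /* Ignore variant: the field value is treated as not comprehended and
     * the message is dropped before any state changes. */
    if (exception && ue->policy == POLICY_IGNORE)
        return ACT_IGNORE_MESSAGE;

    if (handover)
        ue->t304_ms = msg->t304_ms;       /* timer starts on receipt */

    if (exception) {
        ue->t304_ms = 0;                  /* stop before expiry */
        if (ue->policy == POLICY_RELEASE) {
            ue->rrc_connected = false;    /* leave the connected state */
            return ACT_RELEASE_RRC_CONNECTION;
        }
        ue->source_config_active = true;  /* revert to source-cell config */
        return ACT_SEND_REESTABLISHMENT_REQUEST;
    }

    if (handover)
        ue->source_config_active = false;
    if (rekey) {                          /* fresh key: consume it once */
        ue->k_asme.used_for_derivation = true;
        ue->key_generation++;
    }
    return ACT_APPLY_RECONFIG;
}

/* Constructed scenario: one intra-cell handover with keyChangeIndicator TRUE. */
action_t demo_action(exc_policy_t policy, bool present, bool used)
{
    ue_ctx_t ue = { true, true, 0, 0, { present, true, used }, policy };
    rrc_reconfig_t msg = { true, true, 1000 };
    return handle_rrc_reconfiguration(&ue, &msg);
}

/* Constructed scenario: two rekey handovers against a single K_ASME. The
 * first consumes the key, so the second must take the exception path. */
ue_ctx_t demo_two_rekeys(exc_policy_t policy)
{
    ue_ctx_t ue = { true, true, 0, 0, { true, true, false }, policy };
    rrc_reconfig_t msg = { true, true, 1000 };
    handle_rrc_reconfiguration(&ue, &msg);
    ue.t304_ms = 0;                       /* first handover completed */
    handle_rrc_reconfiguration(&ue, &msg);
    return ue;
}

int main(void)
{
    static const char *names[] = { "apply", "reestablish", "release", "ignore" };
    for (int p = POLICY_REESTABLISH; p <= POLICY_IGNORE; p++) {
        ue_ctx_t ue = demo_two_rekeys((exc_policy_t)p);
        printf("policy %d: no key -> %s, generation after 2 rekeys = %u\n",
               p, names[demo_action((exc_policy_t)p, false, false)],
               ue.key_generation);
    }
    return 0;
}
```

In every variant the generation counter stays at 1 after the second request, which is the property the exception handling protects: an already-used base key is never used for a second derivation.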
- FIGs. 7-10 each illustrate a flowchart of a system, method, and computer program product according to an example embodiment. It will be understood that each block of the flowcharts, and combinations of blocks in the flowcharts, may be
- the procedures described herein may be embodied by computer program instructions of a computer program product.
- the computer program product(s) which embody the procedures described herein may be stored by one or more memory devices of a mobile terminal, server, or other computing device (for example, in the memory 112) and executed by a processor in the computing device (for example, by the processor 110).
- the computer program instructions comprising the computer program product(s) which embody the procedures described above may be stored by memory devices of a plurality of computing devices.
- any such computer program product may be loaded onto a computer or other programmable apparatus (for example, a terminal apparatus 102) to produce a machine, such that the computer program product including the instructions which execute on the computer or other programmable apparatus creates means for implementing the functions specified in the flowchart block(s).
- the computer program product may comprise one or more computer-readable memories on which the computer program instructions may be stored such that the one or more computer-readable memories can direct a computer or other programmable apparatus to function in a particular manner, such that the computer program product comprises an article of manufacture which implements the function specified in the flowchart block(s).
- the computer program instructions of one or more computer program products may also be loaded onto a computer or other programmable apparatus (for example, a terminal apparatus 102) to cause a series of operations to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus implement the functions specified in the flowchart block(s).
- blocks of the flowcharts support combinations of means for performing the specified functions. It will also be understood that one or more blocks of the flowcharts, and combinations of blocks in the flowcharts, may be implemented by special purpose hardware-based computer systems which perform the specified functions, or combinations of special purpose hardware and computer program product(s).
- all or a portion of the elements may be configured by and operate under control of a computer program product.
- the computer program product for performing the methods of an example embodiment of the invention includes a computer-readable storage medium (for example, the memory 112), such as the nonvolatile storage medium, and computer-readable program code portions, such as a series of computer instructions, embodied in the computer-readable storage medium.
- a method which comprises
- determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the method of this example embodiment further comprises determining that the fresh base key is not available.
- the method of this example embodiment additionally comprises handling the received message as an exception in response to the determination that the fresh base key is not available.
- Handling the received message as an exception may comprise a processor handling the received message as an exception.
- handling the received message as an exception may comprise connection management circuitry handling the received message as an exception.
- the message may comprise a connection reconfiguration message, such as a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
- the handover may comprise a handover in a cellular network.
- the cellular network may comprise a Long Term Evolution (LTE) network.
- the indication that the handover is to be performed may comprise an indication that an intra-cell handover is to be performed.
- the indication that the intra-cell handover is to be performed may comprise a mobilityControlInfo field indicating that an intra-cell handover is to be performed.
- the indication that the security key is to be changed may comprise a security configuration field including a key change indicator set to TRUE.
- the fresh base key may comprise a key established with an access security management entity (ASME).
- the access security management entity may comprise a mobility management entity (MME).
- the fresh base key may comprise the key K_ASME.
- the security key indicated to be changed may comprise K_eNB and/or one or more keys at least indirectly derived using K_ASME.
- Handling the received message as an exception may comprise initiating a connection re-establishment procedure responsive to the determination that the fresh base key is not available.
- Initiating the connection re-establishment procedure may comprise causing a connection reestablishment request to be sent to a network access point.
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN).
- the connection reestablishment request may comprise a radio resource control connection reestablishment request (RRCConnectionReestablishmentRequest) message.
- Handling the received message as an exception may comprise releasing a connection with a network access point.
- Releasing the connection may comprise releasing a radio resource control connection.
- releasing the connection may comprise leaving a radio resource control connected (RRC_CONNECTED) state.
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN).
- Handling the received message as an exception may comprise ignoring the received message.
- the method may further comprise determining responsive to the determination that the fresh base key is not available that the received message comprises a field having a value that is not comprehended. Ignoring the received message may be performed responsive to the determination that the received message comprises a field having a value that is not comprehended.
- an apparatus comprising at least one processor and at least one memory storing computer program code.
- the at least one memory and stored computer program code are configured, with the at least one processor, to cause the apparatus of this example embodiment to at least determine that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the at least one memory and stored computer program code are configured, with the at least one processor, to further cause the apparatus of this example embodiment to determine that the fresh base key is not available.
- the at least one memory and stored computer program code are configured, with the at least one processor, to additionally cause the apparatus of this example embodiment to handle the received message as an exception in response to the determination that the fresh base key is not available.
- the message may comprise a connection reconfiguration message, such as a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
- the handover may comprise a handover in a cellular network.
- the cellular network may comprise a Long Term Evolution (LTE) network.
- the indication that the handover is to be performed may comprise an indication that an intra-cell handover is to be performed.
- the indication that the intra-cell handover is to be performed may comprise a mobilityControlInfo field indicating that an intra-cell handover is to be performed.
- the indication that the security key is to be changed may comprise a security configuration field including a key change indicator set to TRUE.
- the fresh base key may comprise a key established with an access security management entity (ASME).
- the access security management entity may comprise a mobility management entity (MME).
- the fresh base key may comprise the key K_ASME.
- the security key indicated to be changed may comprise K_eNB and/or one or more keys at least indirectly derived using K_ASME.
- the at least one memory and stored computer program code may be configured, with the at least one processor, to cause the apparatus of this example embodiment to handle the received message as an exception at least in part by initiating a connection re-establishment procedure responsive to the determination that the fresh base key is not available.
- Initiating the connection re-establishment procedure may comprise causing a connection reestablishment request to be sent to a network access point.
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN).
- the connection reestablishment request may comprise a radio resource control connection reestablishment request (RRCConnectionReestablishmentRequest) message.
- the at least one memory and stored computer program code may be configured, with the at least one processor, to cause the apparatus of this example embodiment to handle the received message as an exception at least in part by releasing a connection with a network access point.
- Releasing the connection may comprise releasing a radio resource control connection.
- releasing the connection may comprise leaving a radio resource control connected (RRC_CONNECTED) state.
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN).
- the at least one memory and stored computer program code may be configured, with the at least one processor, to cause the apparatus of this example embodiment to handle the received message as an exception at least in part by ignoring the received message.
- the at least one memory and stored computer program code may be configured, with the at least one processor, to cause the apparatus of this example embodiment to determine responsive to the determination that the fresh base key is not available that the received message comprises a field having a value that is not
- a computer program product in another example embodiment, includes at least one non-transitory computer-readable storage medium having computer-readable program instructions stored therein.
- the program instructions of this example embodiment comprise program instructions configured to determine that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the program instructions of this example embodiment further comprise program instructions configured to determine that the fresh base key is not available.
- the program instructions of this example embodiment additionally comprise program instructions configured to handle the received message as an exception in response to the determination that the fresh base key is not available.
- the message may comprise a connection reconfiguration message, such as a radio resource control connection reconfiguration (RRCConnectionReconfiguration) message.
- the handover may comprise a handover in a cellular network.
- the cellular network may comprise a Long Term Evolution (LTE) network.
- the indication that the handover is to be performed may comprise an indication that an intra-cell handover is to be performed.
- the indication that the intra-cell handover is to be performed may comprise a mobilityControlInfo field indicating that an intra-cell handover is to be performed.
- the indication that the security key is to be changed may comprise a security configuration field including a key change indicator set to TRUE.
- the fresh base key may comprise a key established with an access security management entity (ASME).
- the access security management entity may comprise a mobility management entity (MME).
- the fresh base key may comprise the key K_ASME.
- the security key indicated to be changed may comprise K_eNB and/or one or more keys at least indirectly derived using K_ASME.
- the program instructions configured to handle the received message as an exception may comprise program instructions configured to initiate a connection re-establishment procedure responsive to the determination that the fresh base key is not available.
- the program instructions configured to initiate the connection re-establishment procedure may comprise program instructions configured to cause a connection
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile
- connection reestablishment request may comprise a radio resource control connection reestablishment request (RRCConnectionReestablishmentRequest) message.
- RRCConnectionReestablishmentRequest radio resource control connection reestablishment request
- the program instructions configured to handle the received message as an exception may comprise program instructions configured to release a connection with a network access point.
- the program instructions configured to release the connection may comprise program instructions configured to release a radio resource control connection.
- the program instructions configured to release the radio resource control connection may comprise program instructions configured to leave a radio resource control connected (RRC_CONNECTED) state.
- the network access point may comprise an evolved node B (eNB) of an evolved universal mobile telecommunications system (UMTS) terrestrial radio access network (E-UTRAN).
- the program instructions configured to handle the received message as an exception may comprise program instructions configured to ignore the received message.
- the program instructions may further comprise program instructions configured to determine responsive to the determination that the fresh base key is not available that the received message comprises a field having a value that is not
- the program instructions configured to ignore the received message may comprise program instructions configured to ignore the received message responsive to the determination that the received message comprises a field having a value that is not comprehended.
- an apparatus which comprises means for determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key.
- the apparatus of this example embodiment further comprises means for determining that the fresh base key is not available.
- the apparatus of this example embodiment additionally comprises means for handling the received message as an exception in response to the determination that the fresh base key is not available.
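The handling described in the embodiments above, sketched as UE-side decision logic in C. This is an added example, not code from the patent: the struct and enum names, the integer identifiers standing in for K_ASME instances, and the selectable exception policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

#define NO_KEY (-1)

/* Hypothetical, simplified view of the two indications the text names. */
typedef struct {
    bool mobility_control_info;  /* handover (e.g. intra-cell) requested */
    bool key_change_indicator;   /* rekey on the basis of a fresh base key */
} rrc_reconfig_t;

/* Assumed UE key state: integer ids stand in for K_ASME instances. */
typedef struct {
    int active_kasme;   /* base key the current K_eNB was derived from */
    int pending_kasme;  /* fresh, not yet used base key, or NO_KEY */
} ue_keys_t;

typedef enum { EXC_REESTABLISH, EXC_RELEASE, EXC_IGNORE } exc_policy_t;

typedef enum {
    ACT_APPLY,                 /* no rekey on a fresh base key requested */
    ACT_REKEY,                 /* derive new keys from the fresh base key */
    ACT_SEND_REESTABLISHMENT,  /* RRCConnectionReestablishmentRequest */
    ACT_RELEASE_CONNECTION,    /* leave RRC_CONNECTED */
    ACT_IGNORE                 /* treat as a field value not comprehended */
} ue_action_t;

ue_action_t handle_reconfig(const rrc_reconfig_t *msg, ue_keys_t *keys,
                            exc_policy_t policy)
{
    if (msg == NULL || keys == NULL)
        return ACT_IGNORE;
    if (!(msg->mobility_control_info && msg->key_change_indicator))
        return ACT_APPLY;
    if (keys->pending_kasme != NO_KEY) {
        keys->active_kasme = keys->pending_kasme;  /* fresh key is consumed */
        keys->pending_kasme = NO_KEY;
        return ACT_REKEY;
    }
    /* Exception path: key state is left untouched, so no keys are
     * derived when no fresh base key exists. */
    switch (policy) {
    case EXC_REESTABLISH: return ACT_SEND_REESTABLISHMENT;
    case EXC_RELEASE:     return ACT_RELEASE_CONNECTION;
    default:              return ACT_IGNORE;
    }
}
```

A second key-change request that arrives before a new base key has been established takes the exception path, because the first request consumed the pending key.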
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
Methods and apparatuses are provided for handling an unavailable key. A method may include determining that a received message comprises an indication that a handover is to be performed and an indication that a security key is to be changed on the basis of a fresh base key (700). The method may further include determining that the fresh base key is not available (710). The method may additionally include handling the received message as an exception in response to the determination that the fresh base key is not available (720). Corresponding apparatuses are also provided.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US38125110P | 2010-09-09 | 2010-09-09 | |
| US61/381,251 | 2010-09-09 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2012032218A1 (fr) | 2012-03-15 |
Family
ID=45810162
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/FI2011/050701 Ceased WO2012032218A1 (fr) | Methods and apparatuses for handling an unavailable key | 2010-09-09 | 2011-08-09 |
Country Status (3)
| Country | Link |
|---|---|
| AR (1) | AR082832A1 (fr) |
| TW (1) | TW201230830A (fr) |
| WO (1) | WO2012032218A1 (fr) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040228491A1 (en) * | 2003-05-13 | 2004-11-18 | Chih-Hsiang Wu | Ciphering activation during an inter-rat handover procedure |
| EP2071885A2 (fr) * | 2007-12-05 | 2009-06-17 | Innovative Sonic Limited | Method of handling security key change and related communication device |
| EP2197147A1 (fr) * | 2007-09-28 | 2010-06-16 | Huawei Technologies Co., Ltd. | Method and device for updating the key in the active state |
| EP2203008A1 (fr) * | 2008-12-29 | 2010-06-30 | HTC Corporation | Method of handling security configuration in wireless communication systems and related communication device |
-
2011
- 2011-08-09 WO PCT/FI2011/050701 patent/WO2012032218A1/fr not_active Ceased
- 2011-08-31 AR ARP110103188A patent/AR082832A1/es not_active Application Discontinuation
- 2011-09-08 TW TW100132430A patent/TW201230830A/zh unknown
Non-Patent Citations (2)
| Title |
|---|
| "Technical Specification; 3rd Generation Partnership Project; Technical Specification Group Radio Access Network; Evolved Universal Terrestrial Radio Access (E-UTRA); Radio Resource Control (RRC); Protocol specification (Release 9)", 3GPP TS 36.331 V9.3.0 (2010-06), 18 June 2010 (2010-06-18), Retrieved from the Internet <URL:ftp://ftp.3gpp.org/specs/html-info/36331.htm> [retrieved on 20111105] * |
| "Technical Specification; 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3GPP System Architecture Evolution (SAE); Security architecture (Release 9)", 3GPP TS 33.401 V9.4.0 (2010-06), 18 June 2010 (2010-06-18), Retrieved from the Internet <URL:http://www.3gpp.org/ftp/specs/html-info/33401.htm> [retrieved on 20111103] * |
Also Published As
| Publication number | Publication date |
|---|---|
| AR082832A1 (es) | 2013-01-09 |
| TW201230830A (en) | 2012-07-16 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11823118; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 11823118; Country of ref document: EP; Kind code of ref document: A1 |